I was comforted to read in the NY Times today that credit card processing company, CardSystems, who reported that millions of their credit card records were stolen by a hacker had their data stolen because of NOT following security procedures.
What does this mean for you?
If you have VERY good security POLICIES you have a better chance of your data not getting into the wrong hands.
They NY Times writes Under rules established by Visa and MasterCard, processors are not allowed to retain cardholder information including names, account numbers, expiration dates and security codes after a transaction is handled.
“CardSystems provides services and is supposed to pass that information on to the banks and not keep it,” said Joshua Peirez, a MasterCard senior vice president who has been involved with the investigation. “They were keeping it.”
The security breach was first reported Friday when MasterCard International said a lapse at CardSystems had allowed the installation of a rogue computer program that could extract data from the system, potentially compromising 40 million accounts of various credit cards.
MasterCard said Saturday that 68,000 of its own account numbers were especially at risk because they were in a file found to have actually been “exported from the system.” CardSystems said yesterday that the file also contained data from other cards in proportion to the volume of business it handles from each company. That would translate to about 100,000 Visa accounts and roughly 30,000 others.